Revert "Create non-bypassable op restrictions"
This reverts commit a023924afd388a6ca9fa7ec36b99b1de1795c32b.
Reason for revert: Test Monitor triggers the test build
Bug: 188708756
Bug: 188733943
Change-Id: I2d17d4f77287020953fb559cf98ff8475f32ed1b
(cherry picked from commit 0d02112ea44132563cd729cfa5b500a30fb5da16)
diff --git a/core/java/android/app/AppOpsManager.java b/core/java/android/app/AppOpsManager.java
index 92756b6..ed00436 100644
--- a/core/java/android/app/AppOpsManager.java
+++ b/core/java/android/app/AppOpsManager.java
@@ -7413,18 +7413,8 @@
*/
public void setUserRestrictionForUser(int code, boolean restricted, IBinder token,
@Nullable Map<String, String[]> excludedPackageTags, int userId) {
- setUserRestrictionForUser(code, restricted, token, excludedPackageTags, userId, false);
- }
-
- /**
- * An empty array of attribution tags means exclude all tags under that package.
- * @hide
- */
- public void setUserRestrictionForUser(int code, boolean restricted, IBinder token,
- @Nullable Map<String, String[]> excludedPackageTags, int userId, boolean rejectBypass) {
try {
- mService.setUserRestriction(code, restricted, token, userId, excludedPackageTags,
- rejectBypass);
+ mService.setUserRestriction(code, restricted, token, userId, excludedPackageTags);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
diff --git a/core/java/com/android/internal/app/IAppOpsService.aidl b/core/java/com/android/internal/app/IAppOpsService.aidl
index 3cc7e64..3cf4621 100644
--- a/core/java/com/android/internal/app/IAppOpsService.aidl
+++ b/core/java/com/android/internal/app/IAppOpsService.aidl
@@ -92,7 +92,7 @@
void setAudioRestriction(int code, int usage, int uid, int mode, in String[] exceptionPackages);
void setUserRestrictions(in Bundle restrictions, IBinder token, int userHandle);
- void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, in Map<String, String[]> excludedPackageTags, boolean rejectBypass);
+ void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle, in Map<String, String[]> excludedPackageTags);
void removeUser(int userHandle);
void startWatchingActive(in int[] ops, IAppOpsActiveCallback callback);
diff --git a/services/core/java/com/android/server/SensorPrivacyService.java b/services/core/java/com/android/server/SensorPrivacyService.java
index 2bf4edc..b0d6d65 100644
--- a/services/core/java/com/android/server/SensorPrivacyService.java
+++ b/services/core/java/com/android/server/SensorPrivacyService.java
@@ -26,6 +26,7 @@
import static android.app.AppOpsManager.OP_PHONE_CALL_CAMERA;
import static android.app.AppOpsManager.OP_PHONE_CALL_MICROPHONE;
import static android.app.AppOpsManager.OP_RECORD_AUDIO;
+import static android.app.AppOpsManager.OP_RECORD_AUDIO_HOTWORD;
import static android.content.Intent.EXTRA_PACKAGE_NAME;
import static android.content.Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS;
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
@@ -54,7 +55,6 @@
import android.content.Intent;
import android.content.IntentFilter;
import android.content.pm.PackageManager;
-import android.content.pm.UserInfo;
import android.graphics.drawable.Icon;
import android.hardware.ISensorPrivacyListener;
import android.hardware.ISensorPrivacyManager;
@@ -167,8 +167,6 @@
private EmergencyCallHelper mEmergencyCallHelper;
private KeyguardManager mKeyguardManager;
- private int mCurrentUser = -1;
-
public SensorPrivacyService(Context context) {
super(context);
mContext = context;
@@ -179,19 +177,6 @@
mTelephonyManager = context.getSystemService(TelephonyManager.class);
mSensorPrivacyServiceImpl = new SensorPrivacyServiceImpl();
-
- mUserManagerInternal.addUserLifecycleListener(
- new UserManagerInternal.UserLifecycleListener() {
- @Override
- public void onUserCreated(UserInfo user, Object token) {
- setCurrentUserRestriction();
- }
-
- @Override
- public void onUserRemoved(UserInfo user) {
- removeUserRestrictions(user.id);
- }
- });
}
@Override
@@ -210,20 +195,6 @@
}
}
- @Override
- public void onUserStarting(TargetUser user) {
- if (mCurrentUser == -1) {
- mCurrentUser = user.getUserIdentifier();
- setCurrentUserRestriction();
- }
- }
-
- @Override
- public void onUserSwitching(TargetUser from, TargetUser to) {
- mCurrentUser = to.getUserIdentifier();
- setCurrentUserRestriction();
- }
-
class SensorPrivacyServiceImpl extends ISensorPrivacyManager.Stub implements
AppOpsManager.OnOpNotedListener, AppOpsManager.OnOpStartedListener,
IBinder.DeathRecipient, UserManagerInternal.UserRestrictionsListener {
@@ -1386,45 +1357,17 @@
}
private void setUserRestriction(int userId, int sensor, boolean enabled) {
- if (userId == mCurrentUser) {
- setCurrentUserRestriction(sensor, enabled);
+ if (sensor == CAMERA) {
+ mAppOpsManager.setUserRestrictionForUser(OP_CAMERA, enabled,
+ mAppOpsRestrictionToken, null, userId);
+ } else if (sensor == MICROPHONE) {
+ mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO, enabled,
+ mAppOpsRestrictionToken, null, userId);
+ mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO_HOTWORD, enabled,
+ mAppOpsRestrictionToken, null, userId);
}
}
- private void setCurrentUserRestriction() {
- boolean micState = mSensorPrivacyServiceImpl
- .isIndividualSensorPrivacyEnabled(mCurrentUser, MICROPHONE);
- boolean camState = mSensorPrivacyServiceImpl
- .isIndividualSensorPrivacyEnabled(mCurrentUser, CAMERA);
-
- setCurrentUserRestriction(MICROPHONE, micState);
- setCurrentUserRestriction(CAMERA, camState);
- }
-
- private void setCurrentUserRestriction(int sensor, boolean enabled) {
- int[] userIds = mUserManagerInternal.getUserIds();
- int code;
- if (sensor == MICROPHONE) {
- code = OP_RECORD_AUDIO;
- } else if (sensor == CAMERA) {
- code = OP_CAMERA;
- } else {
- Log.w(TAG, "Invalid sensor id: " + sensor, new RuntimeException());
- return;
- }
- for (int i = 0; i < userIds.length; i++) {
- mAppOpsManager.setUserRestrictionForUser(code, enabled,
- mAppOpsRestrictionToken, null, userIds[i], true);
- }
- }
-
- private void removeUserRestrictions(int userId) {
- mAppOpsManager.setUserRestrictionForUser(OP_RECORD_AUDIO, false,
- mAppOpsRestrictionToken, null, userId, true);
- mAppOpsManager.setUserRestrictionForUser(OP_CAMERA, false,
- mAppOpsRestrictionToken, null, userId, true);
- }
-
private final class DeathRecipient implements IBinder.DeathRecipient {
private ISensorPrivacyListener mListener;
diff --git a/services/core/java/com/android/server/appop/AppOpsService.java b/services/core/java/com/android/server/appop/AppOpsService.java
index 3182913..b6aec836 100644
--- a/services/core/java/com/android/server/appop/AppOpsService.java
+++ b/services/core/java/com/android/server/appop/AppOpsService.java
@@ -4568,9 +4568,6 @@
// package is exempt from the restriction.
ClientRestrictionState restrictionState = mOpUserRestrictions.valueAt(i);
if (restrictionState.hasRestriction(code, packageName, attributionTag, userHandle)) {
- if (restrictionState.rejectBypass(code, userHandle)) {
- return true;
- }
RestrictionBypass opBypass = opAllowSystemBypassRestriction(code);
if (opBypass != null) {
// If we are the system, bypass user restrictions for certain codes
@@ -6152,8 +6149,6 @@
for (int j = 0; j < restrictionCount; j++) {
int userId = restrictionState.perUserRestrictions.keyAt(j);
boolean[] restrictedOps = restrictionState.perUserRestrictions.valueAt(j);
- boolean[] rejectBypassOps =
- restrictionState.perUserRejectBypasses.valueAt(j);
if (restrictedOps == null) {
continue;
}
@@ -6178,9 +6173,6 @@
restrictedOpsValue.append(", ");
}
restrictedOpsValue.append(AppOpsManager.opToName(k));
- if (rejectBypassOps != null && rejectBypassOps[k]) {
- restrictedOpsValue.append(" rejectBypass=true");
- }
}
}
restrictedOpsValue.append("]");
@@ -6261,14 +6253,14 @@
String restriction = AppOpsManager.opToRestriction(i);
if (restriction != null) {
setUserRestrictionNoCheck(i, restrictions.getBoolean(restriction, false), token,
- userHandle, null, false);
+ userHandle, null);
}
}
}
@Override
public void setUserRestriction(int code, boolean restricted, IBinder token, int userHandle,
- Map<String, String[]> excludedPackageTags, boolean rejectBypass) {
+ Map<String, String[]> excludedPackageTags) {
if (Binder.getCallingPid() != Process.myPid()) {
mContext.enforcePermission(Manifest.permission.MANAGE_APP_OPS_RESTRICTIONS,
Binder.getCallingPid(), Binder.getCallingUid(), null);
@@ -6284,12 +6276,11 @@
}
verifyIncomingOp(code);
Objects.requireNonNull(token);
- setUserRestrictionNoCheck(code, restricted, token, userHandle, excludedPackageTags,
- rejectBypass);
+ setUserRestrictionNoCheck(code, restricted, token, userHandle, excludedPackageTags);
}
private void setUserRestrictionNoCheck(int code, boolean restricted, IBinder token,
- int userHandle, Map<String, String[]> excludedPackageTags, boolean rejectBypass) {
+ int userHandle, Map<String, String[]> excludedPackageTags) {
synchronized (AppOpsService.this) {
ClientRestrictionState restrictionState = mOpUserRestrictions.get(token);
@@ -6303,7 +6294,7 @@
}
if (restrictionState.setRestriction(code, restricted, excludedPackageTags,
- userHandle, rejectBypass)) {
+ userHandle)) {
mHandler.sendMessage(PooledLambda.obtainMessage(
AppOpsService::notifyWatchersOfChange, this, code, UID_ANY));
mHandler.sendMessage(PooledLambda.obtainMessage(
@@ -6834,10 +6825,8 @@
private final class ClientRestrictionState implements DeathRecipient {
private final IBinder token;
SparseArray<boolean[]> perUserRestrictions;
- SparseArray<boolean[]> perUserRejectBypasses;
SparseArray<Map<String, String[]>> perUserExcludedPackageTags;
-
public ClientRestrictionState(IBinder token)
throws RemoteException {
token.linkToDeath(this, 0);
@@ -6845,17 +6834,13 @@
}
public boolean setRestriction(int code, boolean restricted,
- Map<String, String[]> excludedPackageTags, int userId, boolean rejectBypass) {
+ Map<String, String[]> excludedPackageTags, int userId) {
boolean changed = false;
if (perUserRestrictions == null && restricted) {
perUserRestrictions = new SparseArray<>();
}
- if (perUserRejectBypasses == null && rejectBypass) {
- perUserRejectBypasses = new SparseArray<>();
- }
-
int[] users;
if (userId == UserHandle.USER_ALL) {
// TODO(b/162888972): this call is returning all users, not just live ones - we
@@ -6915,20 +6900,6 @@
}
changed = true;
}
-
- boolean[] userRejectBypasses = perUserRejectBypasses.get(thisUserId);
- if (userRejectBypasses == null && rejectBypass) {
- userRejectBypasses = new boolean[AppOpsManager._NUM_OP];
- perUserRejectBypasses.put(thisUserId, userRejectBypasses);
- }
- if (userRejectBypasses != null
- && userRejectBypasses[code] != rejectBypass) {
- userRejectBypasses[code] = rejectBypass;
- if (!rejectBypass && isDefault(userRejectBypasses)) {
- perUserRejectBypasses.remove(thisUserId);
- }
- changed = true;
- }
}
}
}
@@ -6966,17 +6937,6 @@
return !ArrayUtils.contains(excludedTags, attributionTag);
}
- public boolean rejectBypass(int restriction, int userId) {
- if (perUserRejectBypasses == null) {
- return false;
- }
- boolean[] rejectBypasses = perUserRejectBypasses.get(userId);
- if (rejectBypasses == null) {
- return false;
- }
- return rejectBypasses[restriction];
- }
-
public void removeUser(int userId) {
if (perUserExcludedPackageTags != null) {
perUserExcludedPackageTags.remove(userId);